General
Target: 3d82a4c82d82d89d46a63b5279c49686_JaffaCakes118
Size: 567KB
Sample: 240712-qegsxsxblf
MD5: 3d82a4c82d82d89d46a63b5279c49686
SHA1: 5c3bb1fd61be098431cead5a3d643bf4dbca58dd
SHA256: 87ab7984dcbed47060903804ee2932a2bc8cae9ea5c4a80b20461368955ec7b5
SHA512: 653e3d880ae7d859f26ff1b80c006bda0fa17327407b6ec3f247742a589f2ee0d61938557fed8f95d1c2e7e72a6301e741989e688d83271ee0440e46b88f9d02
SSDEEP: 12288:sCrc1Q1X7NmRg9uRPjen+R21B/QrwhpcI7hSirIlZZj9:rmomm9uB8X1Bxbc/h/9
Static task: static1
Behavioral task: behavioral1
Sample: CT-00003718496.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: CT-00003718496.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.chrismehat.com
Port: 587
Username: [email protected]
Password: )gRmQ~47Z5QY
Targets
Target: CT-00003718496.exe
Size: 877KB
MD5: e3eccaf644b82addc73b4e309ad5dbc4
SHA1: e8926a0c10c9edbb225692f7a98fbb6fe80ce451
SHA256: 52ca1dc8d708f230c82c5695a6af672c5f214f5d8a7df62b9f07930488a7c9ed
SHA512: 9210e7ad84b01fc3065e89579506c315c4047c1f550ce02e15422d22ba29e2127ec8abafcc4a46bfd7127fa5c821b833d8f395176b26338943e7f97d412993b6
SSDEEP: 12288:y7YIqc3P1ckHfimOEqju5TO5vw/XeEgCsiXqlj4ZT0trATw237Gn40:Id3HlOXju5T+Y/XeEgCKlnAX37Gn
Score: 10/10
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext